author | Peter Eisentraut | 2017-11-18 15:07:57 +0000 |
---|---|---|
committer | Peter Eisentraut | 2017-11-18 15:15:54 +0000 |
commit | 9288d62bb4b6f302bf13bb2fed3783b61385f315 (patch) | |
tree | 2b6fa3bf8940b1f8d2ec77fc367fd750de82390d /src/interfaces/libpq/fe-auth.h | |
parent | 611fe7d4793ba6516e839dc50b5319b990283f4f (diff) |
Support channel binding 'tls-unique' in SCRAM
This is the basic feature set using OpenSSL to support the feature. In
order to allow the frontend and the backend to fetch the sent and
expected TLS Finished messages, a PG-like API is added to be able to
make the interface pluggable for other SSL implementations.
This commit also adds infrastructure to facilitate the addition of
future channel binding types as well as libpq parameters to control the
SASL mechanism names and channel binding names. Those will be added by
upcoming commits.
Some tests are added to the SSL test suite to test SCRAM authentication
with channel binding.
Author: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Diffstat (limited to 'src/interfaces/libpq/fe-auth.h')
-rw-r--r-- | src/interfaces/libpq/fe-auth.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-auth.h b/src/interfaces/libpq/fe-auth.h
index 5dc6bb5341d..1525a527420 100644
--- a/src/interfaces/libpq/fe-auth.h
+++ b/src/interfaces/libpq/fe-auth.h
@@ -23,7 +23,12 @@ extern int pg_fe_sendauth(AuthRequest areq, int payloadlen, PGconn *conn);
 extern char *pg_fe_getauthname(PQExpBuffer errorMessage);
 /* Prototypes for functions in fe-auth-scram.c */
-extern void *pg_fe_scram_init(const char *username, const char *password);
+extern void *pg_fe_scram_init(const char *username,
+ const char *password,
+ bool ssl_in_use,
+ const char *sasl_mechanism,
+ char *tls_finished_message,
+ size_t tls_finished_len);
 extern void pg_fe_scram_free(void *opaq);
 extern void pg_fe_scram_exchange(void *opaq, char *input, int inputlen,
 char **output, int *outputlen, |
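Review bot: The widened `pg_fe_scram_init` prototype leaves the contract for `tls_finished_message` undocumented. It is the only pointer argument that is not `const`, which suggests the SCRAM state keeps or frees the caller's buffer while `username`, `password` and `sasl_mechanism` are only borrowed, but the definition in fe-auth-scram.c is not part of this file-limited view. This buffer carries the TLS Finished data used for channel binding, so a caller that guesses wrong about ownership risks a leak or a double free on the authentication path, and one that treats it as a C string would truncate binary data. I would add a comment above the prototype along the lines of `/* tls_finished_message: raw TLS Finished bytes, tls_finished_len long, not NUL-terminated; released by <caller | pg_fe_scram_free>; <state what is passed when ssl_in_use is false> */`. If the callee only reads the buffer, declaring it `const char *tls_finished_message` would make that visible in the header.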